Blocks
2 years ago
Contracts
5 years ago
Database
3 years ago
Integrations
2 years ago
Libraries
5 years ago
Models
2 years ago
Seeds
4 years ago
Services
2 years ago
Support
2 years ago
config
2 years ago
Activator.php
5 years ago
Attachment.php
4 years ago
Controller.php
5 years ago
Core.php
5 years ago
Deactivator.php
3 years ago
Factory.php
5 years ago
Files.php
5 years ago
Playlist.php
2 years ago
Plugin.php
5 years ago
Requirements.php
4 years ago
support.php
4 years ago
Files.php
306 lines
| 1 | <?php |
| 2 | |
| 3 | namespace PrestoPlayer; |
| 4 | |
| 5 | use PrestoPlayer\Attachment; |
| 6 | |
| 7 | class Files |
| 8 | { |
| 9 | /** |
| 10 | * Allowed ip addresses to private folder |
| 11 | * |
| 12 | * @var array |
| 13 | */ |
| 14 | protected $allowed_ips = []; |
| 15 | |
| 16 | /** |
| 17 | * Privat folder name |
| 18 | * |
| 19 | * @var string |
| 20 | */ |
| 21 | protected $private_folder = 'presto-player-private'; |
| 22 | |
| 23 | /** |
| 24 | * Store allowed ips and let user filter private folder |
| 25 | */ |
| 26 | public function __construct() |
| 27 | { |
| 28 | $this->allowed_ips = include PRESTO_PLAYER_PLUGIN_DIR . '/inc/Libraries/BunnyCDNIPs.php'; |
| 29 | $this->private_folder = apply_filters('presto_player_private_foldername', $this->private_folder); |
| 30 | } |
| 31 | |
| 32 | public function getAllowedIPs() |
| 33 | { |
| 34 | return $this->allowed_ips; |
| 35 | } |
| 36 | |
| 37 | /** |
| 38 | * Register actions and filters |
| 39 | * |
| 40 | * @return void |
| 41 | */ |
| 42 | public function register() |
| 43 | { |
| 44 | add_filter('upload_dir', [$this, 'mediaUploadFolder']); |
| 45 | add_filter('wp_prepare_attachment_for_js', [$this, 'galleryLabel']); |
| 46 | add_filter('wp_generate_attachment_metadata', [$this, 'privateMeta'], 10, 2); |
| 47 | add_action('ajax_query_attachments_args', [$this, 'hidePrivate']); |
| 48 | |
| 49 | return $this; |
| 50 | } |
| 51 | |
| 52 | /** |
| 53 | * Gets a public or private type |
| 54 | * |
| 55 | * @return string |
| 56 | */ |
| 57 | public function getVideoType() |
| 58 | { |
| 59 | $query = []; |
| 60 | $url = wp_get_raw_referer(); |
| 61 | $parts = parse_url($url); |
| 62 | isset($parts['query']) ? parse_str($parts['query'], $query) : ''; |
| 63 | return isset($query['presto_video_type']) ? $query['presto_video_type'] : ''; |
| 64 | } |
| 65 | |
| 66 | /** |
| 67 | * Hides external attachment items from ajax query |
| 68 | * |
| 69 | * @param array $query |
| 70 | * @return array |
| 71 | */ |
| 72 | public function hideAjaxExternalVideos($query) |
| 73 | { |
| 74 | $query['meta_query'] = [ |
| 75 | 'relation' => 'OR', |
| 76 | [ |
| 77 | 'key' => 'presto_external_id', |
| 78 | 'compare' => 'NOT EXISTS', // works! |
| 79 | ], |
| 80 | ]; |
| 81 | |
| 82 | return $query; |
| 83 | } |
| 84 | |
| 85 | /** |
| 86 | * Hide external videos on attachment page |
| 87 | * |
| 88 | * @param \WP_Query $query |
| 89 | * @return void |
| 90 | */ |
| 91 | public function hideExternalVideos($query) |
| 92 | { |
| 93 | global $pagenow; |
| 94 | |
| 95 | // disable on uploads page |
| 96 | if ($pagenow !== 'upload.php') { |
| 97 | return; |
| 98 | } |
| 99 | |
| 100 | // allow filter to fetch |
| 101 | if (apply_filters('presto_player_get_external_attachments', false)) { |
| 102 | return; |
| 103 | } |
| 104 | |
| 105 | $query->set('meta_query', [ |
| 106 | 'relation' => 'OR', |
| 107 | [ |
| 108 | 'key' => 'presto_external_id', |
| 109 | 'compare' => 'NOT EXISTS', // works! |
| 110 | 'value' => '' // This is ignored, but is necessary... |
| 111 | ], |
| 112 | ]); |
| 113 | } |
| 114 | |
| 115 | /** |
| 116 | * Hides private/public items based on video type query |
| 117 | * |
| 118 | * @param array $query |
| 119 | * @return array |
| 120 | */ |
| 121 | public function hidePrivate($query) |
| 122 | { |
| 123 | $type = $this->getVideoType(); |
| 124 | |
| 125 | switch ($type) { |
| 126 | case 'public': // public only, dont show private |
| 127 | $query['meta_query'] = [ |
| 128 | [ |
| 129 | 'relation' => 'AND', |
| 130 | [ |
| 131 | 'key' => 'presto_external_id', |
| 132 | 'compare' => 'NOT EXISTS', // works! |
| 133 | 'value' => '' // This is ignored, but is necessary... |
| 134 | ], |
| 135 | [ |
| 136 | 'relation' => 'OR', |
| 137 | [ |
| 138 | 'key' => 'presto-private-video', |
| 139 | 'compare' => 'NOT EXISTS', // works! |
| 140 | 'value' => '' // This is ignored, but is necessary... |
| 141 | ], |
| 142 | [ |
| 143 | 'key' => 'presto-private-video', |
| 144 | 'value' => false |
| 145 | ] |
| 146 | ] |
| 147 | ] |
| 148 | ]; |
| 149 | break; |
| 150 | case 'private': // private only |
| 151 | $query['meta_query'] = [ |
| 152 | [ |
| 153 | 'relation' => 'AND', |
| 154 | [ |
| 155 | 'key' => 'presto_external_id', |
| 156 | 'compare' => 'NOT EXISTS', // works! |
| 157 | 'value' => '' // This is ignored, but is necessary... |
| 158 | ], |
| 159 | [ |
| 160 | 'key' => 'presto-private-video', |
| 161 | 'value' => true |
| 162 | ] |
| 163 | ] |
| 164 | ]; |
| 165 | break; |
| 166 | } |
| 167 | |
| 168 | return $query; |
| 169 | } |
| 170 | |
| 171 | /** |
| 172 | * Add meta data to attachment so WP knows it's private |
| 173 | * |
| 174 | * @param array $data |
| 175 | * @return void |
| 176 | */ |
| 177 | public function privateMeta($data, $id) |
| 178 | { |
| 179 | if (Attachment::isPrivate($id)) { |
| 180 | update_post_meta($id, 'presto-private-video', true); |
| 181 | } |
| 182 | |
| 183 | return $data; |
| 184 | } |
| 185 | |
| 186 | |
| 187 | /** |
| 188 | * Change media uploader folder only in case of private files |
| 189 | * |
| 190 | * @param array $data |
| 191 | * @return array |
| 192 | */ |
| 193 | public function mediaUploadFolder($data) |
| 194 | { |
| 195 | if ($this->getVideoType() === 'private') { |
| 196 | $data['path'] = $data['basedir'] . '/' . $this->private_folder; |
| 197 | $data['url'] = $data['baseurl'] . '/' . $this->private_folder; |
| 198 | $data['subdir'] = $this->private_folder; |
| 199 | } |
| 200 | |
| 201 | return $data; |
| 202 | } |
| 203 | |
| 204 | /** |
| 205 | * If the media is into private folder change response to show |
| 206 | */ |
| 207 | public function galleryLabel($response) |
| 208 | { |
| 209 | if (strpos($response['url'], $this->private_folder) !== false || strpos($response['url'], 'video-src') !== false || strpos($response['url'], 'presto-player-token') !== false) { |
| 210 | $response['filename'] = __('Private: ', 'presto-player') . $response['filename']; |
| 211 | } |
| 212 | |
| 213 | return $response; |
| 214 | } |
| 215 | |
| 216 | /** |
| 217 | * Adds the private folder |
| 218 | * |
| 219 | * @return void |
| 220 | */ |
| 221 | public function addPrivateFolder() |
| 222 | { |
| 223 | \WP_Filesystem(); |
| 224 | global $wp_filesystem; |
| 225 | |
| 226 | $private_folder = $this->makeFolder($wp_filesystem, apply_filters('presto_player_private_folder_name', $this->private_folder)); |
| 227 | $this->setHtaccess($wp_filesystem, $private_folder); |
| 228 | |
| 229 | if (!empty($wp_filesystem->errors->errors)) { |
| 230 | add_action('admin_notices', [$this, 'errorNotice']); |
| 231 | } |
| 232 | } |
| 233 | |
| 234 | /** |
| 235 | * Show an error notice if we can't create the priate folder |
| 236 | * |
| 237 | * @return void |
| 238 | */ |
| 239 | public function errorNotice() |
| 240 | { |
| 241 | $class = 'notice notice-error'; |
| 242 | $message = __('Irks! Error when creating a new private folder for private media', 'presto-player'); |
| 243 | |
| 244 | printf('<div class="%1$s"><p>%2$s</p></div>', esc_attr($class), esc_html($message)); |
| 245 | } |
| 246 | |
| 247 | /** |
| 248 | * Makes our custom folder in the .htaccess directory |
| 249 | * |
| 250 | * @param \WP_Filesystem $wp_filesystem |
| 251 | * @param string $folder_name |
| 252 | * @return void |
| 253 | */ |
| 254 | private function makeFolder($wp_filesystem, $folder_name) |
| 255 | { |
| 256 | $wp_upload_dir = wp_upload_dir(); |
| 257 | $private_folder = trailingslashit($wp_upload_dir['basedir']) . $folder_name; |
| 258 | $wp_filesystem->mkdir($private_folder); |
| 259 | |
| 260 | return $private_folder; |
| 261 | } |
| 262 | |
| 263 | /** |
| 264 | * Sets htaccess rules in the new private folder |
| 265 | * |
| 266 | * @param \WP_Filesystem $wp_filesystem |
| 267 | * @param string $private_folder |
| 268 | * @return void |
| 269 | */ |
| 270 | private function setHtaccess($wp_filesystem, $private_folder) |
| 271 | { |
| 272 | $file = trailingslashit($private_folder) . '.htaccess'; |
| 273 | $wp_filesystem->put_contents($file, $this->return_htaccess_file_content(), FS_CHMOD_FILE); |
| 274 | } |
| 275 | |
| 276 | public function makeIPWhiteList() |
| 277 | { |
| 278 | $out = ''; |
| 279 | foreach ($this->allowed_ips as $ip) { |
| 280 | $out .= "allow from $ip \n"; |
| 281 | } |
| 282 | return $out; |
| 283 | } |
| 284 | |
| 285 | /** |
| 286 | * Htaccess configuration |
| 287 | * |
| 288 | * @return string (heredoc) |
| 289 | */ |
| 290 | private function return_htaccess_file_content() |
| 291 | { |
| 292 | $list = $this->makeIPWhitelist(); |
| 293 | return <<<END |
| 294 | # Deny access to everything by default |
| 295 | Order Deny,Allow |
| 296 | deny from all |
| 297 | $list |
| 298 | # Deny access to sub directory |
| 299 | <Files subdirectory/*> |
| 300 | deny from all |
| 301 | $list |
| 302 | </Files> |
| 303 | END; |
| 304 | } |
| 305 | } |
| 306 |